OAuth
Mass1veDit, 2022-04-14 15:51:53

How should the OAuth2 protocol work?

In fact, I have to authenticate with the server and then get a bearer token through client_id and client_secret, and my routes work without it.
Although if you delete the clients from the database, an error pops up saying to create clients.

I have an API route
localhost/api/crm/login

For authorization in Postman, immediately after entering the login and password, it gives out the user's bearer token and its data.

Would it be correct to make an authentication request using client_id and client_secret, and only then, if authenticated with the server, issue a bearer token to the user, and if not authenticated, show an error?

But if you remove the clients from the database, an error pops up.

Tell me please, what could be causing all this?
I am making an API for mobile.


1 answer(s)
TheAndrey7, 2022-04-15

OAuth is an authentication protocol using external service accounts (social networks are popular). This whole topic with the creation of client_id is needed to control third-party application developers, to be able to cancel the tokens they created in case of violation of the rules for using the service.
If your system does not require the use of accounts to enter other sites and services created by other developers, then it is not needed.

"In Postman, immediately after entering the username and password, it issues the user's bearer token and his data"

This is the simplest authentication system, which is used everywhere in private applications (backend and mobile application development within the same project). That's the way it should be.
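The two login shapes discussed in this thread, as an added sketch that is not code from either poster or from any framework: a plain login that returns a bearer token, and the same login with a client_id/client_secret check, where each token is tagged with its client so that removing a client also cancels the tokens issued through it. All names (USERS, CLIENTS, TOKENS, login, authenticate, revoke_client) and sample values are constructed, and dictionaries stand in for the database.

```python
import hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; dicts stand in for the users/clients/tokens tables.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
CLIENTS = {"own-mobile-app": "secret-A", "partner-app": "secret-B"}
TOKENS = {}  # sha256(token) -> {"user": ..., "client_id": ...}

def login(username, password, client_id=None, client_secret=None):
    """Issue a bearer token; if client credentials are sent, check them first."""
    if client_id is not None:
        expected = CLIENTS.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret or ""):
            raise PermissionError("invalid_client")
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        raise PermissionError("invalid_credentials")
    token = secrets.token_urlsafe(32)
    # Store only a hash so a leaked table does not yield usable tokens.
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = {
        "user": username, "client_id": client_id}
    return token

def authenticate(header):
    """Map an 'Authorization' header value ('Bearer <token>') to a user or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    record = TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    return record["user"] if record else None

def revoke_client(client_id):
    """Delete a client and every token issued through it; return how many."""
    CLIENTS.pop(client_id, None)
    doomed = [h for h, r in TOKENS.items() if r["client_id"] == client_id]
    for h in doomed:
        del TOKENS[h]
    return len(doomed)
```
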
